From d911036768e0c48d872759557c92b9479a202bfa Mon Sep 17 00:00:00 2001
From: Mike Perham
Date: Fri, 8 Feb 2019 08:53:23 -0800
Subject: [PATCH] Better handling of malformed job arguments in payload, fixes #4095
---
 Changes.md | 5 +++++
 lib/sidekiq/version.rb | 2 +-
 lib/sidekiq/web/helpers.rb | 13 ++++++++++---
 test/test_web_helpers.rb | 12 ++++++++++++
 4 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/Changes.md b/Changes.md
index 488336b4..f3367134 100644
--- a/Changes.md
+++ b/Changes.md
@@ -2,6 +2,11 @@
 [Sidekiq Changes](https://github.com/mperham/sidekiq/blob/master/Changes.md) | [Sidekiq Pro Changes](https://github.com/mperham/sidekiq/blob/master/Pro-Changes.md) | [Sidekiq Enterprise Changes](https://github.com/mperham/sidekiq/blob/master/Ent-Changes.md)
+HEAD
+---------
+
+- Better handling of malformed job arguments in payload [#4095]
+
 5.2.5
 ---------
diff --git a/lib/sidekiq/version.rb b/lib/sidekiq/version.rb
index 3928a10a..f5c23ffd 100644
--- a/lib/sidekiq/version.rb
+++ b/lib/sidekiq/version.rb
@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Sidekiq
- VERSION = "5.2.5"
+ VERSION = "5.2.6"
 end
diff --git a/lib/sidekiq/web/helpers.rb b/lib/sidekiq/web/helpers.rb
index d9ca95b9..35b56679 100644
--- a/lib/sidekiq/web/helpers.rb
+++ b/lib/sidekiq/web/helpers.rb
@@ -207,9 +207,16 @@ module Sidekiq
 end
 def display_args(args, truncate_after_chars = 2000)
- args.map do |arg|
- h(truncate(to_display(arg), truncate_after_chars))
- end.join(", ")
+ return "Invalid job payload, args is nil" if args == nil
+ return "Invalid job payload, args must be an Array, not #{args.class.name}" if !args.is_a?(Array)
+
+ begin
+ args.map do |arg|
+ h(truncate(to_display(arg), truncate_after_chars))
+ end.join(", ")
+ rescue
+ "Illegal job arguments: #{h args.inspect}"
+ end
 end
 def csrf_tag
diff --git a/test/test_web_helpers.rb b/test/test_web_helpers.rb
index 924ddc1f..a95d6b2f 100644
--- a/test/test_web_helpers.rb
+++ b/test/test_web_helpers.rb
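Review bot: The `rescue` fallback in `display_args` renders `h args.inspect` for the whole array without going through `truncate`, so the one path reserved for malformed payloads is also the only one that ignores `truncate_after_chars`. Job arguments are supplied by whatever enqueued the job, so this output should stay bounded as well: `"Illegal job arguments: #{h truncate(args.inspect, truncate_after_chars)}"`. The bare `rescue` also hides which error occurred; narrowing it or logging the exception would keep a bug in `to_display`, `truncate` or `h` from being reported as bad job data. As a style point, `args.nil?` and `unless args.is_a?(Array)` read better than `== nil` and `if !`.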
@@ -95,4 +95,16 @@ class TestWebHelpers < Minitest::Test
 )
 assert_equal expected, obj.available_locales.sort
 end
+
+ def test_display_illegal_args
+ o = Helpers.new
+ s = o.display_args([1,2,3])
+ assert_equal "1, 2, 3", s
+ s = o.display_args(["", 12])
+ assert_equal ""<html>", 12", s
+ s = o.display_args("")
+ assert_equal "Invalid job payload, args must be an Array, not String", s
+ s = o.display_args(nil)
+ assert_equal "Invalid job payload, args is nil", s
+ end
 end
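Review bot: `test_display_illegal_args` never reaches the new `rescue` branch of `display_args`, so the `"Illegal job arguments: ..."` fallback and its `h` escaping are unverified. A case with an Array element whose conversion raises, asserting that the result starts with `Illegal job arguments: ` and contains no raw `<`, would cover it; which input triggers the raise depends on `to_display`, which is not visible in this patch. The four scenarios would also be easier to diagnose as separate test methods, since the first failing `assert_equal` hides the rest.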